EX294 Red Hat Certified Engineer RHCE – Exploring Core Components of Ansible

  • January 19, 2023

1. Introducing core components of Ansible

Hello, and welcome to section one, understanding core components of Ansible. In this section, we’ll discuss the core components of Ansible. In the first lecture, we’ll discuss the different components briefly. Then, in the coming lectures, we’ll discuss each component in more detail. So here I will introduce the different Ansible core components. First on the list is the Ansible configuration file. The Ansible config file is used to define various default values to be used by Ansible, for example the remote port used by Ansible to connect to a remote host. Here I’m talking about the remote SSH port. By default the port is 22, but we can configure the Ansible config file to connect to a remote host using some alternate port. Of course, we need to do the corresponding settings on the remote host itself as well. Apart from this, we can define many more settings in this file.

We’ll discuss more on this later in a separate lecture. One important thing to note here: almost all default values in the Ansible config file can be overridden in Ansible ad hoc commands and playbooks. Next, Ansible inventories. Ansible inventories define the hosts and groups of hosts on which Ansible operates. We’ll discuss how we can define an Ansible inventory file in a dedicated lecture. Next, Ansible modules. As already said, an Ansible module is a small Python program which is designed to execute specific tasks on Ansible managed nodes. We can also use an Ansible module to execute tasks on the node itself, that is, on the local node where Ansible is installed. Next, Ansible variables, used in playbooks. This is similar to the variables we use in other programming languages.

We define the variables and we use them; we do the same in playbooks. We’ll discuss more on this in a dedicated lecture, because this is very important from the exam point of view. Next, Ansible facts. Ansible facts represent data about remote systems gathered by Ansible, which can be used in playbooks as variables. By default, when we execute any playbook, Ansible will gather information about the remote host: for example the host name, the operating system, information about disks, and much more.

So we can use this information for conditional playbook execution. I will give you one example here. Say we want to execute a specific task on a host based on its hostname: if the hostname is webserver.example, install a web server; if the hostname is mariadb.example, install MariaDB. This we can do based on the facts gathered by Ansible from the remote host.

Again, this is a very important topic, and we’ll discuss it in great detail. At this moment, you need to keep in mind that Ansible facts are the information about remote systems gathered by Ansible. Next, Ansible plays. An Ansible play basically defines the target hosts and the specific tasks to be executed on the remote hosts. An Ansible play is written in YAML, so we define a play in YAML syntax, where we define the target on which we need to execute specific tasks, and we also define the specific list of tasks. We’ll discuss more on this later on. Finally, Ansible playbooks: a playbook is a list of Ansible plays. Many plays can be grouped together in one playbook. That is all for this brief introduction to the core components of Ansible. In the next lecture, we’ll discuss the Ansible config file in more detail.

2. Exploring Ansible configuration file - ansible.cfg

In this lecture we’ll discuss the Ansible config file in more detail. As already said, different Ansible settings can be configured using the Ansible config file, named ansible.cfg. This is important: this name is standard. When installing Ansible using a package manager, DNF or YUM, the configuration file is found at this specific path. This is a system-wide directory and everyone has access to this path. But the Ansible configuration file can be present at multiple locations, as described below, and they are searched in the same order. Here is the order. We can define the location of the Ansible config file ansible.cfg by setting the ANSIBLE_CONFIG environment variable. If this variable is set, Ansible will consider the file pointed to by this variable. This has the highest precedence.

If this variable is not set, then Ansible will look in the current working directory for this file. If this file is not present in the current working directory, then Ansible will search in the user’s home directory. If the file is present there, make sure the file name is .ansible.cfg. If this file is also not present, then Ansible will consider this file. Now we’ll move to the system and prove what we understood here. Then we’ll walk through the Ansible config file and learn about the different settings set there. Now we are on ansible test C host and I am logged in as the ansible user, which is a normal user. We can verify the user with the id command. What I will do now is create Ansible config files at multiple locations, and then we’ll verify the order in which Ansible searches for config files. I will use touch to create an Ansible config file under the /tmp directory. Done.

I will print the working directory: we are in the home directory of the ansible user. Here I will create two config files, ansible.cfg and one with a preceding dot. Again I will use touch. Done, and now the one with the preceding dot. Now I will clear the screen. Now we need to set the environment variable ANSIBLE_CONFIG. For this I will execute export ANSIBLE_CONFIG, and we’ll set this variable to the path /tmp/ansible.cfg. We know we created a config file under the /tmp directory. Now I will execute the ansible --version command. Here we can see Ansible is taking into account this config file, the one pointed to by the environment variable, although we have multiple config files present at different locations, because this one has the highest precedence. What I will do now is unset this environment variable. For this, we’ll use unset ANSIBLE_CONFIG. Now again, I will execute the ansible --version command. Here you can see Ansible is taking into account ansible.cfg.

So it’s searching in the current working directory, which is the user’s home directory. We have two files at the same location, but it is taking into account the one without the preceding dot, because this has the second highest precedence. What I will do now is delete this file. Again, we’ll execute the same command. Now here we can see the one with the preceding dot, so this is the case of the Ansible config file present in the user’s home directory. Now we’ll delete this file as well: rm .ansible.cfg. Again we’ll execute ansible --version. Now we can see that the file which is present on the path /etc/ansible is considered. This is very important to understand for the exam: where you are going to create the Ansible config file. They will tell you where you need to create it. In case you need to create the Ansible config file in the current directory, make sure you are executing all the playbooks and ad hoc commands from the same path, so that the file will be taken into account.

They may ask you to use the config file on the path /etc/ansible, or you might need to create a config file under the user’s home directory. So there are multiple options. In case we delete this file as well, the one which is present on the /etc/ansible path, and then again execute the ansible --version command, in the config file field you will find None. This means Ansible could not find any config file. Now I will clear the screen. Now we’ll walk through the Ansible config file present on the /etc/ansible path and discuss the different default values set there. I will display the Ansible config file using the more command: more /etc/ansible/ansible.cfg. Here we’ll discuss the important directives we need to know at RHCE level. However, as we progress through the course, we’ll come back and discuss more directives. Here is the first piece of information: nearly all parameters can be overridden in an Ansible playbook or with command line flags. We discussed this already. We’ll discuss more on this while doing practical tasks.
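The search order demonstrated in this lecture, as an added Python example that is not part of the original course material. The function and directory names are assumptions made for illustration, the files are created in a scratch directory rather than the real /tmp, home and /etc paths, and the world-writable check reflects documented Ansible behaviour that the lecture does not cover.

```python
import os
import stat
import tempfile
from pathlib import Path


def resolve_config(env, cwd, home, system_cfg="/etc/ansible/ansible.cfg"):
    """Return (path, source) for the first readable config file, else (None, None)."""
    candidates = []
    if env.get("ANSIBLE_CONFIG"):                     # 1. environment variable
        candidates.append((Path(env["ANSIBLE_CONFIG"]), "ANSIBLE_CONFIG"))
    # 2. ./ansible.cfg, skipped when the working directory is world-writable,
    #    since any local user could plant a config file there.
    if not Path(cwd).stat().st_mode & stat.S_IWOTH:
        candidates.append((Path(cwd) / "ansible.cfg", "cwd"))
    candidates.append((Path(home) / ".ansible.cfg", "home"))  # 3. ~/.ansible.cfg
    candidates.append((Path(system_cfg), "system"))           # 4. system-wide file
    for path, source in candidates:
        if path.is_file() and os.access(path, os.R_OK):
            return path, source
    return None, None


def replay_lecture_demo():
    """Rebuild the lecture's four files in a scratch tree (constructed paths,
    not the real /tmp, home or /etc) and record which source wins at each step."""
    picked = []
    with tempfile.TemporaryDirectory() as root:
        tmp, home, etc = (Path(root, p) for p in ("tmp", "home/ansible", "etc/ansible"))
        for directory in (tmp, home, etc):
            directory.mkdir(parents=True)
        home.chmod(0o700)
        files = [tmp / "ansible.cfg", home / "ansible.cfg",
                 home / ".ansible.cfg", etc / "ansible.cfg"]
        for f in files:
            f.touch()
        where = dict(cwd=home, home=home, system_cfg=files[3])
        env = {"ANSIBLE_CONFIG": str(files[0])}       # export ANSIBLE_CONFIG=...
        picked.append(resolve_config(env, **where)[1])
        env.clear()                                   # unset ANSIBLE_CONFIG
        for f in files[1:]:                           # query, then rm the winner
            picked.append(resolve_config(env, **where)[1])
            f.unlink()
        picked.append(resolve_config(env, **where)[1])  # no file left
    return picked


if __name__ == "__main__":
    print(replay_lecture_demo())
```

On a real control node, the file actually in use is the one reported in the config file field of ansible --version.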

Ansible will read the ANSIBLE_CONFIG environment variable first, then ansible.cfg in the current working directory, then .ansible.cfg in the user’s home directory, and finally the file on this path. We already discussed this and we know how it works. Now, coming to the defaults section. Here an important directive is inventory, which defines the default location of the inventory file. By default, the inventory file is located on this path: /etc/ansible is the directory path and this is the inventory file name. We can modify this path according to our requirements.

In that case, we need to uncomment this and provide the new path here. We can select any name for the inventory file. Next, forks. forks is set to five, which means Ansible can start five connections to remote nodes in parallel. If we set forks to one, Ansible will connect to the first node, execute the task, then move to the next node, and so on. So this is for parallel execution. We can increase the forks directive according to our requirements. For example, if we set forks equal to 15, Ansible can start 15 parallel connections to the remote nodes, but make sure your host machine has enough resources to handle that. The next important directive is remote_port, which is 22, the SSH port. By default, Ansible will connect to the remote nodes on port 22, but we can change this to a non-default port, for example three times two, to connect to some remote host. However, we need to make the corresponding changes on the remote host as well. We’ll discuss this later, taking one example.

Next, we have Ansible facts. Plays will gather facts by default, which contain information about the remote system. Here are three options. smart: gather by default, but don’t regather if already gathered. implicit: gather by default. This setting will gather by default as well; you can turn it off by using the gather_facts directive and setting it to false. explicit: don’t gather by default; if you need to gather, you must set the gather_facts directive to true. Here, the gathering directive is set to implicit, which means it will always gather by default. In case we need to turn it off, we can do so by setting this directive to false. Here we have further information in case we need to limit the gathered facts: we can gather facts by subsets. For example, using the all option, gather all subsets; using the network option, gather facts about the network. Similarly, we have more options: hardware, virtual, facter. I will move down. Here, the gather_subset directive is set to all, which means that by default all facts will be gathered. I will move on.

The next important directive is roles_path. I haven’t said anything about roles yet. We have dedicated sections on roles later in this course, because this is a very important objective from the exam point of view. For now, you should keep in mind that we can set the roles path using the roles_path directive. This is the default path for the roles directory. I will come to this later on. Next, host_key_checking, which is set to False. But this is commented out, which means it is not used. To disable SSH key checking, uncomment this. Next on the list is remote_user. This is a very important directive. Here, this is commented out, which means it is not used.

If it is set, this tells Ansible to use the specified user to connect to the remote host or, put another way, to use the specified user to establish the SSH connection to the remote host. Next, module_name, which is set to command. This is the default module: in case you don’t provide any module, the command module will be executed by default. We’ll discuss this later while doing lab tasks. We’ll move down. Now, an important section is the one about privilege escalation. Here we are: this is the privilege_escalation section. Here the become directive is set to True, but it is commented out, which means it is not effective. To make it effective, we must uncomment it. By uncommenting it, we’ll enable privilege escalation at the Ansible config level. What does that mean? It means Ansible will connect to the remote node using the user defined by the remote_user directive, but when this is set, it will use sudo to execute commands on the remote node. Of course, we need additional configuration on the remote node. We’ll discuss more on this later on. An important thing you must keep in mind here: all the directives specified in the Ansible config file are commented out.

But the default values of some of the directives are still effective, according to the description provided along with the directives. For some of them, however, we must uncomment them to make the values set for them effective. So in case you are not sure here whether a specific directive is effective or not, you must uncomment it and set the value according to your requirements. Now, moving to the next directive, become_method. Here, become_method is equal to sudo: it will execute commands on the remote host using sudo. become_user is root by default, so it will execute commands with root privileges. However, we can set some other user here. We can set become_user to, for example, Apache. In that case, it will use sudo to elevate permissions to the Apache user. About the directive become_ask_pass, we’ll discuss it later.

Even if we disable privilege escalation by setting the become directive to false, we can still enable it in playbooks by explicitly setting the become directive to yes. We can do the same while executing ad hoc commands. Also, I haven’t said anything about ad hoc commands yet. Ad hoc commands are commands which we execute using the ansible command line in a terminal, for quick actions, only when they are needed. The real power of Ansible is Ansible playbooks, but we use ad hoc commands for quick actions. In case you need to verify some configuration on the remote host, you can type an ad hoc command and you will get the output. You don’t need to write a playbook for every action. Playbooks are normally used for repeated actions. Next, I will move down.

I will say something about the colors section. Ansible will use these different colors in the output. For example, a warning will be bright purple. Errors will be shown in red, and unreachable again in red. If the result is OK, then green. If changes are made on the remote host, it will show the output in yellow. We’ll come to know more about this while doing tasks. That is all about the important directives of the config file. We’ll come back to this file if we need to understand more directives. However, at RHCE level, you don’t need to know all the directives well. I would suggest you just go through this configuration file and understand the different directives which we can set in it. This is all about the Ansible config file. In the next lecture, we will understand the Ansible config file, taking one example.

3. Important Defaults Used by Ansible

In the previous lecture, we discussed the Ansible config file and the different default values used by Ansible. Here I have just listed the default values used by Ansible for these directives, even if they are not used or specified in the Ansible config file. These are the directives under the defaults section. Just go through this, because it is very important for the exam. Here on the slide, we have the default behavior for the directives under the privilege_escalation section. I’m not going to repeat all this. I’ve just listed all of them so that you don’t miss this important information.
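The point made in lectures 2 and 3, that a commented-out directive has no effect while Ansible’s built-in default still applies, shown as an added Python example rather than anything from the course. The sample file content, the function names and the two findings are assumptions for illustration; the host_key_checking and become defaults are Ansible’s documented ones.

```python
import configparser

# Defaults for the directives covered in the lecture. host_key_checking=True and
# become=False are Ansible's documented defaults, not values stated on this page.
DEFAULTS = {
    "defaults": {"forks": "5", "remote_port": "22", "gathering": "implicit",
                 "module_name": "command", "host_key_checking": "True"},
    "privilege_escalation": {"become": "False", "become_method": "sudo",
                             "become_user": "root"},
}

# Constructed sample: most directives commented out, as in the packaged file.
SAMPLE_CFG = """\
[defaults]
#forks = 5
remote_port = 2222
#host_key_checking = False

[privilege_escalation]
become = True
#become_method = sudo
#become_user = root
"""


def effective_settings(cfg_text):
    """Map 'section.key' to (value, origin); origin is 'file' or 'default'."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(cfg_text)      # lines starting with # or ; are ignored
    result = {}
    for section, keys in DEFAULTS.items():
        for key, default in keys.items():
            if parser.has_option(section, key):
                result[f"{section}.{key}"] = (parser.get(section, key).strip(), "file")
            else:
                result[f"{section}.{key}"] = (default, "default")
    return result


def is_true(value):
    return value.strip().lower() in {"1", "true", "yes", "on"}


def review(cfg_text):
    """Return findings for settings that weaken SSH trust or widen privilege."""
    s = effective_settings(cfg_text)
    findings = []
    if not is_true(s["defaults.host_key_checking"][0]):
        findings.append("host_key_checking is off: remote host keys are not verified")
    if is_true(s["privilege_escalation.become"][0]):
        method, user = (s[f"privilege_escalation.{k}"][0]
                        for k in ("become_method", "become_user"))
        findings.append(f"become is on for every play: tasks run via {method} as {user}")
    return findings
```

Calling review(SAMPLE_CFG) reports only the become setting, because the host_key_checking line in the sample is still commented out and the default stays in force.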
